Title: Privacy Impact Assessment (PIA) Specialist - Senior
Location: Toronto, ON (Hybrid)
Duration: 125 business days with possible extension
Job Description:
Deliverables:
- The purpose of this request is to acquire one Senior Privacy Impact Assessment (PIA) Specialist to support upcoming privacy requirements work for the Enterprise Products & Services Division and the Customer Value & Products – Clinical Data Division.
- Deliverables include, but are not limited to:
  - Providing privacy support and feedback
  - Conducting Privacy Impact Assessments on various Enterprise Products & Services and Customer Value & Products – Clinical Data related initiatives
  - Identifying and mitigating any privacy risks and ensuring compliance with relevant laws and policies
- The Senior Privacy Impact Assessment (PIA) Specialist will be required to work with the appropriate teams to:
  - Conduct/complete Privacy Threshold Assessments and associated documentation
  - Conduct/complete Privacy Impact Assessments and associated documentation
  - Provide privacy consultation on a diverse range of complex, multi-stakeholder health privacy issues and Information Technology (IT) initiatives throughout the product/service development and deployment life cycle
  - Develop risk mitigation plans
  - Create or inform the creation of data flow diagrams and associated privacy controls and compliance requirements
  - Review and advise on agreements, including data sharing agreements
Must haves:
- Minimum of 5 years’ health privacy experience conducting privacy impact assessments on medium to high complexity projects
- Minimum 5 years’ direct operational-level privacy experience, preferably in the health sector and/or an IT environment
- Minimum 5 years’ experience developing privacy policies and procedures, requirements or controls
- Holds an undergraduate or graduate degree in health, policy, IT, security, law or a related discipline
- Familiarity with the Personal Health Information Protection Act, 2004 (PHIPA), and its related requirements for Health Information Network Providers (HINP) and Electronic Service Providers (ESP)
- Familiarity with Electronic Medical Record (EMR) or HIS infrastructure, design, and data flows
- Familiarity with Application Programming Interface (API) functionality and management
- Familiarity with Public Key Infrastructure (PKI)